CVE Vulnerabilities for "product:websphere_application_server"

Showing 1-10 of 442 CVEs (filtered from 316,527 total)

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources.

MEDIUM 4.9
EPSS 0.1%
9/29/2025
2025

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

MEDIUM 5.3
EPSS 0.1%
8/14/2025
2025

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.

MEDIUM 5.3
EPSS 0.0%
8/14/2025
2025

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

MEDIUM 4.4
EPSS 0.0%
8/12/2025
2025

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration.

MEDIUM 5.9
EPSS 0.1%
8/12/2025
2025

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.

LOW 3.7
EPSS 0.0%
8/7/2025
2024

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that causes the server to consume excessive memory resources.

HIGH 7.5
EPSS 0.1%
7/16/2025
2025

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.

CRITICAL 9
EPSS 0.3%
6/25/2025
2025

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

MEDIUM 4.4
EPSS 0.0%
5/14/2025
2025

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

MEDIUM 4.1
EPSS 0.0%
4/22/2025
2025